MITOCW | 7.

Technical Challenges

The following content is provided under a Creative Commons license. Your support will help
MIT OpenCourseWare continue to offer high-quality educational resources for free. To make a

donation or to view additional materials from hundreds of MIT courses, visit MIT
OpenCourseWare at ocw.mit.edu.

GARY GENSLER: Thank you again for all being here. We're going to talk a little bit about the challenges of

blockchain technology. I'm apologizing in advance. I'm supposed to be, like, across campus

for a 4 o'clock meeting. So I won't have much time right at the end to do the little wrap with

students coming up.

I will note also that if you want to come see me I'm open to it. Next week's a great week, by the
way, because I'm here all four or five days. But I don't have set office hours. Just email me.

Copy Dylan, who's the new course administrator. There was a swap out from Ryan. Or copy

Talida or Sabrina or something. But just shoot me an email, and then I'll set something up with
you if you want to follow up either on your projects, or it's a question about anything around

blockchain.

I also want to thank-- we don't usually have people here with jackets on. But we have six or

eight veterans who have served our country, and I thank you for your service.

[APPLAUSE]

They're here to observe us. I don't know whether we'll scare them away or not. But thank you

for joining us.

So today's topics are going to be around-- of course, we're going to go through the readings a
little bit. We don't have Larry Lessig, and it's a little bit more relaxed. So I might be doing some

cold calling if that's all right.

I'm going to go back a little bit to the technical features in a quick wrap-- in two slides or three

slides. But I just want to do that as the setup again. And, of course, because you all love hash

functions so much, it's just a way to bring it back to some of the technical features to set up,

really, what are some of the issues.

 We have-- I think it's lecture 11 and 12, where it's just what I call act two as the economics. But

I want to set up a little bit about the economics. You saw that in the reading-- the 21st Geneva
report that Simon Johnson and Neha Narula and Mike Casey and Jonah and I wrote. So now

you all-- I only assigned his seven pages out of it. So I hope that you read the seven pages.

But some of the costs and trade-offs, the challenges of blockchain technology that are very

real. I'll give you my own perspective on where I think this will sort out over the next 3 to 10

years. So I'll do some predictions. Vitalik Buterin has also talked about a trilemma, and I want
to chat about that. And that was one of the readings, if I recall.

He's such a leader in this community that when he writes and says something like this, it was
relevant, I think, that everybody's understand what Vitalik Buterin's kind of "trilemma" is, even

though that some people think he's mistaken.

Some possible solutions to this-- we have, who's attending today, Madars who is actually one

of the developers on some of the solutions around zero-knowledge proofs. And he might get

called on. He works over at the Digital Currency Initiative. I hope you're ready. And why I think

governance is the most challenging piece.

So with that, the readings-- I have a list of everybody that hasn't spoken yet.

[LAUGHTER]

So the goal is to speak. That's what class participation is. I'm going to be lighthearted about it.
I-- it's not that long ago I was a student, really. I remember all this, you know. You want to get

your name off this list. I just want to say kind of encouraging.

So should I do it alphabetical from the list as to who wants to tell me? No. No. You look like

you're ducking your head. What's your name?

[LAUGHTER]

AUDIENCE: Wendy

GARY GENSLER: What's that?

AUDIENCE: Wendy. Wendy.

GARY GENSLER: Wendy. Wendy. What did you take from the seven pages of the Geneva report? Did you read-
 - did you do the readings? So what did you take from the great work of Simon Johnson-- and I

helped him out, you know?

AUDIENCE: [INAUDIBLE]

GARY GENSLER: Anything about the business challenges of blockchain from the readings.

AUDIENCE: It takes a long time to do the [INAUDIBLE].

GARY GENSLER: So one challenge is time-- latency. It takes a long time to do. Wendy raises. Yes. If you could

say your first name?

AUDIENCE: Catalina.

GARY GENSLER: Catalina. It really helps Sabrina out-- get you off the list. So it's self-motivation to say your

name. So Catalina.

AUDIENCE: There is also a problem with performance and scalability.

GARY GENSLER: Right. So it's sort of related. They're not alone-- but performance, scalability, the time it takes

to do a transaction. Other challenges? Yes?

AUDIENCE: There are issues

GARY GENSLER: First name?

AUDIENCE: Samir. There are issues with micro payments and how they're [INAUDIBLE] inconsistently

confirmed.

GARY GENSLER: So how to do micro payments. You want to tease that out? Why is there a problem with micro
payments?

AUDIENCE: I can't remember the exact details, but it was around just the fact that-- because they're so

small, they were just essentially inconsistently [INAUDIBLE].

GARY GENSLER: All right. So how to do micro payments. And the small micro payments-- partly because they're
so small-- may be relative to the fees and the cost of the network. Alexis?

AUDIENCE: Yeah, I just wanted to add, like on this point because basically the minors will try to add to the
blockchain first the transaction with the highest fees. So a small transaction could take

[INAUDIBLE].
GARY GENSLER: So there's economic incentives that are involved here. We're now moving a little bit away from
all that stuff-- the broccoli that I said that we were all going to be eating about hash functions

and so forth. Akira.

AUDIENCE: Yeah. Other challenges-- the privacy and security. [INAUDIBLE] those concerns identity of

[INAUDIBLE]. And [INAUDIBLE] concern privacy protection of customers.

GARY GENSLER: OK. So Akira just raised a bunch of points about privacy and security-- about the individuals
and the regulators. Does anybody want to tease that out a little bit more?

AUDIENCE: Well, the bank has more of an incentive to keep things on the privacy side, whereas regulators
obviously will have pried into the details.

GARY GENSLER: OK. So you have that natural public policy tension that doesn't only exist around blockchain.
Jihee?

AUDIENCE: I could hear anything back here. So if people can speak up a little bit.

GARY GENSLER: OK. Do you want to say it again?

AUDIENCE: So inherently, the regulators want to look into the details of the transaction, whereas banks
have a high incentive to keep [INAUDIBLE] privacy side.

GARY GENSLER: So on the one side, there's a commercial interest to keep things private. On the other side, the

official sector might want to peer in. And then interestingly, on top of it-- layered on it-- the
official sector also wants privacy for everybody other than the official sector.

So like in Europe, there's a new requirement that wasn't in the readings. Don't worry. But is
anybody familiar with the directive-- the privacy directive called GDPR? I don't remember your

name. I'm sorry.

AUDIENCE: Erin.

GARY GENSLER: Erin. You want to tell the class a little bit about GDPR, or if you--

AUDIENCE: I'm not certain there. I just know that it's a big deal right now with going after [INAUDIBLE]

GARY GENSLER: Stephanie.

AUDIENCE: Yeah. So my understanding is that, especially when it comes to advertising to consumers, they
have-- consumers in the EU have to really check certain boxes to agree to be advertised to as

opposed to just automatically getting that.

GARY GENSLER: Right. So Joe Quinn?

AUDIENCE: It's a private deal. You have also the right to opt out of being tracked-- everything you do.

GARY GENSLER: Michael? This is Michael?

AUDIENCE: I was going to say we worked on this-- company I worked on at the summer. We had to put
purging mechanisms into our databases.

GARY GENSLER: All right. So it's a remarkable new law. Europe is, in a sense-- if you wish to say-- either more

privacy protection, or ahead of the US. You know, and each jurisdiction has their own cultural
and political norms. But Europe as a whole has moved further, in a sense.

You have a right to be forgotten. You have a right to access the information as well. And so
how to be forgotten in the context of an immutable blockchain is an interesting just technical

set of issues. Yes?

AUDIENCE: There was a question I was going to ask-- Kyle is my name.

GARY GENSLER: What's your first name?

AUDIENCE: Kyle.

GARY GENSLER: Kyle. OK.

AUDIENCE: I worked for a company this summer that processes transactions. And it was our
understanding-- speaking with lawyers in Europe-- that under GDPR, you're allowed to request

your transactions because the transactions count as personal information. You're allowed to
request your transactions to be erased from the ledger, which obviously opens the door to all
kinds of fraudulent behaviors. I'm just curious to know if you've heard of any sort of resolution

to that.

GARY GENSLER: I haven't. I was speaking at a conference earlier today here at MIT with a bunch of member
companies to the Computer Science and AI lab. And one of the participants said they thought
they had a technical set of solutions to it. So we're going to talk more about the privacy issues
 and GDPR in the public policy session next week. So I'll try-- Kyle, remind me. And I will try to
get more up to speed on that. Kelly.

AUDIENCE: I found the-- specifically in the GDPR chapter, there was something mentioned about what

makes blockchain uniquely qualified to solve a lot of these solutions. And I found that it had
coincided with what Professor Lessig said last class about-- there are significant trade offs that
often come down to the cost of trust. But it still begs the question-- with so many technical

challenges, why is it still such a-- something that's so sought after? So I'm hoping that we can
clear that up a little.

GARY GENSLER: We'll give it a shot. Other thoughts or questions from the readings?

AUDIENCE: I [INAUDIBLE] third year with you about the layer 2.

GARY GENSLER: About the layer 2. Yes.

AUDIENCE: The layer 2. Yeah. And [INAUDIBLE] that is that it's OK about having a second layer to provide
the efficiency and the high performance. But it's writing it off line. Yeah?

So we are starting to trust in a second layer that runs off line and then goes and put inside the
blockchain. How feasible-- how can we trust?

GARY GENSLER: So the question is about possible solutions to address performance and scalability. And I have
a few slides on that. But in essence, if the principal protocol-- the Bitcoin protocol, or the

Ethereum protocol, or maybe tomorrow it'll be EOS or some other protocol-- has some
performance issues, could some activity be moved to another channel?

That channel could be called a layer 2 in the Lightning network, which there was a reading
about. That could be with a little bit different technology cord side chains or sharding, which I
think was an optional-- yeah. I did that optionally. I didn't force you.

So there's a number of alternative channels. And though the technologies are, to

technologists, importantly different-- sharding, and side chains, and layer 2-- for this purpose,
for a moment, let me blur over the differences. The question that Leandro asks is, well, is that
meaning that we have to trust?

I would contend we already have to trust the protocol that the Bitcoin core developers have
written. It's open GitHub. It's open code. But very few people are actually going to investigate it
 enough to be assured there's not a bug or an error.

But I agree with you that the core-- the Bitcoin core or the Ethereum core has been living in-- if
I could call it-- the technological and commercial swamp. It's been attacked by so many

viruses and bugs, you have some reason to trust it. But you should never be 100% sure.

The side chains are less tested. But I do agree with you. You have some trust, unless I
misunderstand the question. I thought it was a trust in the underlying code.

AUDIENCE: My main point is working with secondary that's offline. You are not really transacting in the
block chain. Yeah. It's off chain. Yeah. [INAUDIBLE]

GARY GENSLER: So the question is, if you're off chain, should you be more worried? I was addressing just a
narrow part about the code. You're saying, should you be worried because it doesn't have the
same validation models? So can I hold that question until we get to the slides? Because I think
you do actually have some pretty good validation, but I think you're right that it's a valid

question-- is the validation in these off chains still work? There was a question back here.

AUDIENCE: I was just sort of going to respond to the issue of sort of trusting these offline mechanisms. It's
not in the same vein, but 90% of-- according to this-- daily trading volumes occurs in these
crypto exchanges. So that's also sort of happening off the chain.

So I think that in this community of people who are currently participating, there is no reason
that we're not going to trust third-party vendors.

GARY GENSLER: So you're raising the point-- and it's a sort of an irony of the whole ecosystem-- that the
majority-- and, in some cryptocurrencies, over 90%-- of the actual daily transactions are
happening in very centralized ways-- on exchanges, particularly the centralized crypto

exchanges, where-- I can't remember. But it was about half of you have owned Bitcoin at
some point in time.

But can I ask how many of you have actually operated a full node? So there's the two
technologists at the middle table, and Hugo, who is also, if I remember right, an engineering
PhD student? OK. So we have our 3 PhD students who have operate full nodes. Honors to you
all.

But for most of you-- and it was half the class have owned some Bitcoin-- you've trusted some

other authority to hold your private keys. I'm not saying you're wrong or right, but it's an
interesting and important point about this ecosystem.

So let me, unless there's other points, just go through some of how I thought about these
things and laid it out. And I-- of course, the study questions we've been talking about. So I'll
come back. But we will talk a little bit about hard forks. And we-- I didn't hear anybody talk
about interoperability. So we'll come back to that as well. We've talked more about

performance and privacy issues.

Just back to the technical features-- it's just repetition. Sorry. But I do think it's worthwhile.

There is, of course, the cryptography and timestamp logs-- so the bedrock of this technology

that we did three or four lectures ago. You will find that in permissioned systems. You will find
it in permissionless systems. That is a bedrock.

You will find in Ethereum Bitcoin and 1,600 others. There will be some shifts around-- the hash
functions might be a little different. But that's kind of a bedrock of this technology.

The Network Consensus is not necessarily always the same, as we talked about. Sometimes,
it's proof of work. Sometimes, it's proof of stake. Or in the permissioned systems, the
consensus is really, are you amongst the club? And then there's kind of some form of a club
deal.

If you're the Australian Stock Exchange, the only member of the club is the Australian Stock

Exchange. But in other permissioned systems, it's 20 banks or 15 banks that are sharing that
some delegated randomized authority to say, what's the next amendment to the--

And the transactions code and ledgers shifts largely dependent upon whether it's a transaction
ledger or an account ledger. So transaction ledgers have to have some way to record
transactions. Account ledgers have to have some way to record the change in accounts, which
Ether calls state transitions.

But either you have to record a transaction, or you have to record a change in the state or a
change in the account. An account would say, yeah, it would be like the income statement

versus the balance sheet. But you kind of need to record that.

And basically, all of these technologies, as I understand it, have some way to keep those
ledgers, though there's multiple ways to do it. And as we talked about last week, some have
one Merkle tree, and some have four or five Merkle trees. And so forth. But it's embedded in
 this, and they could have different scripting.

Questions? Just-- that's like the thumbnail just to remind you about the technology. It's the T in
MIT.

AUDIENCE: Just a quick [INAUDIBLE] question on ledgers. So for a transaction versus account in an
account-based ledger, does it say-- like, if you spend $5, does it say who you're spending that

$5 to? Or does it just say, your account went down $5, and somebody's else went up $5, but it
doesn't matter where it came from?

GARY GENSLER: So I'm going to take, as I understand Ether and Madars. You'll bail me out.

But you put a state transition-- instead of a transaction input, it's a state transition input. And
that state transition input does have one account going down, another account going up.

AUDIENCE: So if you investigate that, you can see where it came from.

GARY GENSLER: You can see both sides of it, as I understand. And there is a receipt ledger. There's actually a
receipt Merkle tree that then keeps this state transition happened. Did I did I roughly get that
right, Madars?

AUDIENCE: [INAUDIBLE]

GARY GENSLER: Oh, wow. All right. Madars actually does this for a living. I mean, he's the one of the founding
people of Zcash and a bunch of other wonderful things.

I'm not going to go through each of the details, but there was about 15 or 20 details in these
slides about the differences between Bitcoin and Ether. And I just use it to remind-- because

it's saying, OK, why did the professor-- why did the-- why did Gary put it up there? This
professor Lessig-- that was nice for Larry. But for me, you don't need--

But in essence, the big difference is account-based versus transaction-based. The kind of big
difference is Ether does seem to go faster, but it doesn't have a lot of throughput. They still
both use proof of work. Even though Ether says they're going to move to proof of state, they're
not there yet. When they get there, we'll all know together.

The economics are a bit different, of course, as well. But all of these details are part of the
reason why there's problems. And so you read in the Geneva report a little bit about a

professor-- an economist from the 1930s. Does anybody want to take a crack at it? Or should I
 just do my slides?

Here we go.

AUDIENCE: It was [INAUDIBLE]

GARY GENSLER: Yes.

AUDIENCE: He had the fact that everything you should be analyzed on the cost-benefit analysis so that if

one wants to use the blockchain decentralized network, you should take into account all the
benefits in terms of various costs of trust-- enhancing security, but also the cost of switching to
a decentralized system.

GARY GENSLER: Coase is an economist from the 1930s who wrote extensively about the cost and empirically
about the corporation. Kelly?

AUDIENCE: Yeah. Basically trying to understand why transactions would aggregate into a firm. Why move
all your activity into one?

GARY GENSLER: Right. So in a much earlier time-- way pre-Bitcoin, but a different-- why does economic activity
cluster into a firm, rather than-- if it was truly market-based, I might just be selling my services.

In essence, he was asking the question, why don't we have a fully gig economy in the 1930s,
where everybody's free labor, and even capital and labor meets individually, and we collect up
together? That was kind of the body of his question that he was-- so centralization versus
decentralization 80 years ago studied by a great economist.

So just thinking about it here a little bit, I think that when you go from decentralization to
centralization, you tend-- on the centralized side, you get capture. You get economic rents,

and you do have a single point of failure. In some sense, the resiliency of the system, whether
it's in finance, where you worry about systemic risk-- one clearinghouse, one central bank, one
government. If it's knocked out, it's so relevant to the economy at large. It brings it down.

Or if it's one database-- you have a single point, in essence, of failure. Economic rents is an
ability to collect excess profits. I assure you everybody in this class wants to collect economic
rents.

We start out as venture capitalists and entrepreneurs, but we have a motivation and an

incentive to be monopolists. But we don't want to do it illegal, of course. I mean, we just want
 to get there by dominating the market. I'm sorry. Was there a question here? You're just--
you're shaking your head, and I didn't know.

But on the other side, there's the benefits. The y-scale is not written on here. The y-scale is
how however you want to think of it, but I think of it as kind of costs. So the y-scale-- up the y-
scale is greater costs.

Decentralization-- the big costs that come there is coordination. You have a lot of collective
action issues. If the 100 or so people in this room were trying to do something together, you

would have to figure out how to do it collectively in coordination. And that's true of every
blockchain that you can think about.

Governance relates to coordination and collective action issues. And then security and
scalability-- these two lines are not in any of the readings, but they try to capture what-- and
depending upon the slope of the two lines, you might say that a market might tend towards
more centralization. In theory, if I change the slope, it would be further to the decentralized

side. Right?

If the cost of decentralization is a lower slope, and the cost of centralization is higher, we will

tend more towards decentralization. So it's just a way to visualize-- here are the costs of
centralization, which are basically capture rents and single point of failure, not that there aren't
other costs of centralization. Here are the costs of decentralization.

I think in each one of the applications, when you're thinking of use cases, it's worthy-- this is
kind of a core thing. Will this application lend itself to a low slope decentralization curve and a
high slope centralization curve? Are there a lot of economic rents? Are there real problems

with single points of failure or capture? And if it's a low slope decentralization curve, meaning
there's not much cost to the governance of coordination and scalability issues, then you're
going to be more towards decentralization.

This isn't any reading or book. It's just a shot at trying to visualize it. Sean? Any question?

AUDIENCE: [INAUDIBLE] One question I have-- it's slightly irrelevant from this area-- is that why are all the
privacy coins are off the hard fork? What-- a lot of them are off the hard fork for the Bitcoin as
a [INAUDIBLE].

GARY GENSLER: So Sean's question is why are the privacy coins forked-- not all of them, but many of them are
forked off Bitcoin or one of the major coins. Madars, you want to say-- did you-- you have one
 privacy coin.

AUDIENCE: So Bitcoin has a very robust and well-established code base. So there is a lot of high-quality
code.

GARY GENSLER: Could you speak up?

AUDIENCE: Bitcoin has a lot of high-quality code so you can build up on it. So it's natural to add privacy on
top of Bitcoin in your fork rather than write it from scratch.

GARY GENSLER: What Madars is answering is there's something that's freely available-- the Bitcoin Core code.
It's actually under a copyright license here at MIT, which makes it free. That was Satoshi
Nakamoto's decision. It wasn't that-- well, maybe Nakamoto does work here.

[LAUGHTER]

It's a clue. But it's been developed, and it's knocked around, as I call it, in the proverbial
swamp-- I mean, with all these attack viruses and so forth. And so Madars is saying, build off
of that and basically get that code for free. And then fork. Is that--

So the challenges-- we talked about it-- of performance, scalability, efficiency, privacy,

security. What there was less talk about was interoperability, governance and collective action.
And I'm going to dig into those two more because it feels like that's worthwhile.

I also believe that the first bucket-- performance and privacy bucket-- are more susceptible to
fixes. Though that might take three or five or even eight or 10 years to happen, I think they're

more susceptible to the bright men and women that are in these fields addressing themselves
to the computer science and cryptography of the space, whereas governance and collective
action might be solvable. But I think it's sort of inherent in the human element and the
commercial arrangements that governance and collective action are the harder of these four
buckets. That's just one person's read of it. But we'll go through some of the reasons as well
why I kind of get to that view.

There's also commercial use case challenges. We're not going to dig into that much here.
That's mostly the second half of the semester. But I just wanted to mention that's a real thing
that a lot of folks are saying, well, would-- I have to make sure that this is the best commercial
application, and so forth. And can I make money, I mean, ultimately on it?
 And then we are, next week, going to talk about the public policy issues and challenges. And
they all kind of intersect in a way, as well.

So Vitalik Buterin-- I think there was a Medium post I had you all read. Bo, do you want to tell
us a little bit about what you think? Is Vitalik not only a brilliant computer scientist, but does he
get the economics of this right? Or you think he's off?

You can be on-- there's no right answer. I know people that feel both ends of the spectrum
about his trilemma. So I'm setting you up that--

AUDIENCE: Geneva [INAUDIBLE] it first. It seems like it makes sense. But his-- he's basically saying
choose two. You can't have all three.

GARY GENSLER: Right. There's an old saying about-- how many of you have ever hired a contractor to fix
something in your kitchen or renovate something? I mean, I have. I'm a little older, right? You
know the old saw that it's good, quick, cheap, but you can't get all three? You can only get two
out of three. That's sort of the contractor dilemma.

But what do you think? Do you think he's right? Or do you think you could maybe, over time,

get all three-- good, cheap, quick, scalable, decentralized, and secure?

AUDIENCE: My very unsophisticated knowledge of the technicalities behind this-- I think he's right.

GARY GENSLER: You think he's right. Who wants to take the other side just to have some fun and some

debate? Sure. Yeah. Go out at it, Leonardo.

AUDIENCE: So--

GARY GENSLER: There. You got it. We got the name.

[LAUGHTER]

AUDIENCE: I think one of the texts we're talking about-- the time that systems have had to develop. So the
image, for example, Visa has had 60 years to develop a system that works. Some of those

currencies have three, four, five, ten years. So they will, I think, even put a number. His
personal opinion of [INAUDIBLE] was that less than 5% that will not overcome the hurdle.

I don't know if that is right or wrong, but I think the fact that it's so recent-- I think the jury's still
out.
GARY GENSLER: All right. So Leonardo's point is it's recent. This is a new technology. Yes, maybe Vitalik is right
that only 5%-- maybe only 1% will succeed. But to say that no one will deal with these three
points in this simultaneous satisfactory way-- and ultimately, it has to be satisfactory in a
commercial way-- taking the risk and trade offs. So Leonardo takes the other side.

Anybody want to say why Leonardo-- Hugo, were you-- which side are you taking? Leonardo's

side, or Vitalik's side?

AUDIENCE: Somewhere in the middle.

GARY GENSLER: OK.

AUDIENCE: So I think that there is a trade off. But I agree that it might take time to improve all three
simultaneously.

I mean, one thing that happened just this last week in Bitcoin was there was a vulnerability

discovered. And as somebody who doesn't know how to check the code base, really-- I'm not
a computer science person, so I've never checked for bugs or anything like that. I don't know
how to do that.

I kind of just take the software as it stands and download it and install it. And when they say I
need to update my software because there's a bug, I'll update the software because there's a
bug. And that kind of feels like more of a centralized system, but you're getting that security.

But then the decentralization comes from the fact that the network is still spread out over so
many nodes.

So there are trade offs that I think you can kind of build on one and then climb another cliff and
kind of build on each, but not the same time.

GARY GENSLER: So Hugo is somewhere in the middle. I'm probably an optimist enough on the human condition
and that the technologists will solve more than Vitalik. So I'm not saying I'm all the way where
Leonardo-- wherever yeah-- there would be. But I'm probably closer to Leonardo than to
Vitalik. But that's just my point of view.

I also find it interesting, if it's all right if I say-- Hugo's an engineering doctoral student here.

And yet, he's not checking the code. Not any-- right? Because-- right.

AUDIENCE: [INAUDIBLE]
GARY GENSLER: So there's a trust issue that-- in the marketplace, the trust of the code. We all also trust

Facebook and Dropbox and, broadly speaking, the internet as well. Priya?

AUDIENCE: I was going to say that there are several examples throughout the evolution of human
interaction where these three things have been sorted. So it might not be that any-- in some
systems, at any one time, all these three nodes are working, right? Like for our current
payment systems, there are moments of vulnerability. Yes, but then you catch it sooner or
later. So I feel like it's maybe not-- it's about having it all perfect right now versus, will you get

to a point where all three are mostly in place and working.

GARY GENSLER: And I think-- I like how Priya said working enough, right? It doesn't have to be scalable to the
place where it's millions of transactions a second. But maybe it needs to be faster than seven
or 10 transactions a second, or Ethereum 20 transactions a second.

We had-- I should also remind everybody Tuesday nights we have dinner. Simon Johnson
treats every Tuesday night. It's not required to come, but it's 5:30 to 7:00 that we have an
outside speaker around the blockchain space, and you're welcome to come. Michelle is here,
who-- Michelle Fiorenza.

AUDIENCE: [INAUDIBLE] mailing list. So please-- I'll put my name on the board later.

GARY GENSLER: So Michelle will put her name on the board-- anybody that wants to come. But this past week,
we had somebody speaking about the scalability issues. And when his company did a $25
million initial coin offering, the day of the offering, which only had 40,000 to 50,000
purchasers-- so 40,000 or 50,000 purchasers on that day-- that means a smart contract had
to be triggered numerous times that day. Took over a third of the entire Ethereum network on
that day.

And it's sluggish. And just to close and settle on its initial coin offering, it was saying, jeez.
That's not the scalability we want. So we know that's where we are today.

Visa runs around 20,000 to 30,000 transactions a second. DTCC, which settles all the stock

and equity trades here in the US, has to be available to transact at least 100,000 a second.
Most seconds, it's 5,000, or 10,000. Or some seconds, it's 30,000. But the Securities and
Exchange Commission says, no. You have to be rated for four times your average, roughly.
So this gives you a sense of the scalability issues, just in the current environment.
If one layer is the Internet of Things on top of it-- there's somewhere that I've heard different
estimates of 8 to 10 billion devices currently connected to the internet. And that's likely to grow

as more refrigerators, and street lights, and traffic lights are tied into the internet in the next
five or 10 years to 50 to 100 billion devices tied to the internet.

If they start communicating to each other, will it be a blockchain for Internet of Things? Can't
do it at these types of scaling numbers. Or can you do it in some alternative method?

Proof of work is also has a bunch of energy consumption. We didn't have that a lot in the
writing. We chose not to put a bunch of that in the Geneva report.

One estimate is that it's 200 million kilowatt hours per day. That's equivalent to about 7 million
US homes, on average, just to give you a rough digicomonist estimate. That's 1/3 of 1% of all
the world's electricity just scale it if you-- now you can have a nice dinner party conversation

point.

It's the electricity of the country of Austria. Is anybody Austrian? No. I just was-- you know.

So that's one set of trade offs of proof of work as well. But it also costs a lot of money to run

the banking system. So I think that when somebody says, well, it's terrible. It's challenging, all
this electric costs. Yes, we always want to lower costs. But the US financial system is 7.5%
percent of our economy and costs $1.5 trillion.

So the payment system around the globe costs a 0.5% to 1% of the global economy, which is
more than 1/3 of 1% of the world electricity costs. So I'm just putting it in-- it's back to those
questions of which costs of trust, which costs-- I'm neither a maximalist or a minimalist, as you

recall.

So what are some of the alternatives? We're not going to dig into each of these-- side chains,
sharding, layer 2, payment channels. Anybody want to take a crack? They're not all identical.
It's-- Madars and I had a conversation earlier today and said I couldn't even get my head
around because I get confused. But does anybody want to give the basic-- we were talking
about it earlier-- the basic tenet because you had a reading about the Lightning network as to

what's the economic thing and technical thing that's being attempted in all four of these types
of thing?

James, was that a hand up? You're going to give it a shot? Give it a shot.
AUDIENCE: Most of these are on the chain-- sorry. Most of these are off the chain, but some is on the
chain. And the idea is you transact off the chain that balances are traded, and the net of the
results goes onto the chain. So you try and speed up by processing off the chain, where you
have thousands and millions of transactions. And it's only the net amount that goes in the
chain that is [INAUDIBLE]

GARY GENSLER: So James has summarized it as, it's like saying, there's this chain-- this channel, if you wish,

that the water is running in, or the digital money is running in, that only has a certain speed. It
can only take a certain amount of performance. Why not take a lot of activity and put it in a
side channel, which is called a payment channel, actually-- but a side chain, or a payment
channel, or a layer 2, all with slightly different technical features. And maybe do millions of
things off here, and only put some here.

It is not new to blockchain and Bitcoin. We already have that in the world of finance for

decades, in some way or another, where some activity can't go to a central settlement system.
And recalling ledgers-- the central bank, whether it's the US central bank or any central bank,
could have been set up that all of our deposit accounts were directly with the central bank.

And in a sense, the side chains in finance right now are 9,000 commercial banks. 9000
commercial banks are dealing with our money flows and then sort of net settling to the central
banks ledger in what's called digital reserves. And in fact, even the banking system-- the 9,000

banks in the US-- have their side chains-- Visa, MasterCard, First Data, all the money
processing. So there's already a layering. I look at layer 2 and side chains as kind of taking a
similar economic approach and technical approach that's already been around, but in a new
way.

I grabbed a chart from 2015. The details don't matter, but this was-- I did it because it was
three years old. This was one person's truth coin. One person's view is what side chains--

basically what James says. Lots of activity over here, and only a few things go over to the
main chain. The visual is what I wanted to get across. It was just that it's kind of-- think of it as
loads of activity over here, and then we only settle at some times to the main chain.

Another visualization of a different is the Lightning network. Again, a lot of activity, then settle
to the main chain. Questions?

AUDIENCE: Zack. There seems to be a good trade off. A lot of people are proponents of making the block
size bigger. A lot of people say the side chains. I have trouble understanding the trade offs
 between those two. So why not just a bigger block? What's the problem there?

GARY GENSLER: So there's a series of trade offs of economics and technology. The more you put inside the--

let's call it the main chain-- the blue boxes at the bottom, to speak. The more you're putting in
there, you weighed it down. There's more processing, of course, and more storage, and so
forth.

But also, there's some-- there's too much latency. In Bitcoin, it's every 10 minutes, and you're
not really sure until 3, 4, 5, some would say 6 blocks to an hour go by. So economically, if you
want high frequency, low latency-- short time periods-- you might say, I can't get that on the
main chain because the main chain wants to have low latency. Every 10 minutes is low latency

now. Low latency to be more secure to keep the mining cost and the proof of work up. So
there's some economic and technological both crosscurrents with that.

Unrelated to what I just said, but overlapping, there's also a bunch of miner and mining poll
operator economics as to whether they want big blocks, or small blocks. And part of the split
last year was-- it was sort of more motivated around local politics rather than global politics.

As the former Speaker of the House, Tip O'Neill, said, all politics is local. I think some of the
debates last year was about local economics and the economics of miners But I don't know--
Madars do you-- Madars was probably in the middle of some of those debates. But would you
have a different view?

There was a big debate last year as to whether the Bitcoin block should go bigger or stay the
size. It was not the only reason, but it was part of the reason we have now Bitcoin Cash and
Bitcoin because Bitcoin Cash has a bigger block size and a shorter 2.5 minute processing
time.

AUDIENCE: There's something that can be said about--

GARY GENSLER: Speak up.

AUDIENCE: --mining centralization. The bigger blocks you have, only the miners that can handle the
enormous blocks will be able to stay in business. And less decentralization means less
security. So there is incentive, both from decentralization and security, to keep the blocks

smaller, not bigger.

GARY GENSLER: So what Madars is saying is there's also a bit of economics around centralization. The bigger
 the blocks, the fewer miners can handle it. The fewer miners, the more centralization, and
thus, less secure, and maybe even economic rents because every centralized system can
collect economic rents. Yes. Alin.

AUDIENCE: Another problem is that if you have bigger blocks, they take longer to propagate to the
network. And in sort of unintuitive ways, if that happens, you get more accidental forks to the
blockchain. And people hate accidental forks, especially minus accidental forks because they
lose coins when their blocks aren't--

GARY GENSLER: So Aleen is saying a technical feature is bigger blocks are more likely to take time to
propagate through the network. And thus, you might end up inadvertently having more chains
that are discredited, in a sense, because there was work being done until the first one gets
propagated.

AUDIENCE: My question is about keeping track of the transactions.

GARY GENSLER: That's right. So Leandro-- did I-- no?

AUDIENCE: Yeah, yeah. That's right.

GARY GENSLER: Leandro-- OK-- was asking, how do we validate the Lightning network? And how do we assure
that that is-- though-- though--

AUDIENCE: Yeah because we're working with net [INAUDIBLE] in the chain, how do we really keep record
of everything that's--

GARY GENSLER: OK. So the side chains are not recorded gross on the main chain. They're, in essence,
recorded net. And in Lightning network-- I said I wasn't going to get into the differences, but
here I go. The Lightning network is more a bilateral network.

It can take on the feeling of multilateral because I could have a transaction with James. James
could have a transaction with Kelly. And it feels like it's three of us, but it's bilateral James and
Gary, bilateral James and Kelly, as I understand it.

And so those individual transactions, while they're recorded-- keep me going here-- recorded
in the Lightning network, they're not on the main chain. We ultimately, then, net settle to the
main chain. And we actually, in a sense, pre-fund or pre-- it's a form loosely of escrowing at

the beginning.
 So James and I might be messing with each other, but we're bilateral. And so we have another
approach to the trust. In addition to the computer code, James and I might have other reasons
to trust. Joe Quinn.

AUDIENCE: Sorry. What keeps me out of double spending-- once on the Lightning network, and another
one on the blockchain main network at the same time?

GARY GENSLER: Because there's-- I want to be careful because I'm using the terms loosely. There's a form of
prefunding. It's not that you actually fund onto the main chain, but there's a little bit of
partitioning. Does that-- Madars? All right. I keep looking at Madars because he's actually

coded this.

So that's what protects you, in essence, that James and I-- if I'm saying, well I'll send you a
one bitcoin. And tomorrow, if the sun does come up tomorrow, you'll send me half, we're
partitioning that one Bitcoin or his half Bitcoin until we then close out that-- it's written into the
scripting code. And it's written almost like a smart contract-- but it's not called smart contracts--
to sort of partition, or you might loosely think of it as escrowing, even though technically it
might be different.

But stop by, and we can-- and if not, some of our colleagues at the digital currency initiative
like Taj Draga, who programmed the Lightning network. I mean, that's an MIT collaboration
with others. And we don't promote it just because it's MIT. It's like one of the leading ways to
do performance. It happens to be MIT.

So let me talk about other ways to do performance and move on. We already talked about
alternative consensus protocols. You've seen this slide, I'm just bringing it back because it is a
way to deal with scalability. It's a really critical, important ways. Proof of work is one of the
issues about scalability.

And generally-- I'm summarizing. I'm simplifying, in a sense. But generally, all the alternatives

have some way to randomize or delegate the node that will do the next block. It kind of all
comes back-- how do you add another block?

And Stuart Haber in the 1990s, when he started with all this blockchain stuff and put it in the
New York Times, had a central authority. And he set up that company Surety. And he put it in
the New York Times.
And what Nakamoto consensus is, is he said, well, no. We're not going to have Haber and a
central authority. It's going to be decentralized.

So these other consensus protocols generally have some randomized approach to delegate
the selection of the next block. It's not always that way. But they may also have a mechanism

to do a second thing-- a second touch.

Silvio Micali's algorand-- he's a professor over in the Computer Science and AI Lab and a
Turing Award winner. He's got a company that has an interesting thing. It's like a jury
selection. It's like picking somebody for the jury that's picking this short group of 12 nodes that
might do something. And every block has that selection process. But then there's another
broader group that then can check the work of the jury.

So often, there's kind of a second automated way, because trust isn't there, ensuring that
there's a quick second check. Did they decide guilty or innocent correctly, so to speak. Again, I
apologize if I'm a little oversimplifying Silvio's brilliant work.

So it could be proof of stake, proof of activity, proof of burn, as we talked about, proof of
capacity. And as I mentioned last week, there's not large-scale uses, but DASH and NEO both
have some form of this going on right now.

And Ethereum has a big project. I'm confusing their two projects. There's Plasma and there's
Casper. Casper is their project to get to prove of stake, but they're not there.

Privacy and security. So I'm trying to remember who raised the contradictory tensions. The
contradictory tensions is law enforcement and regulators want more transparency. Even
though the FBI did, you know, sort of figure out some Russians were using Bitcoin to mess in
our elections, they want some more transparency in financial institutions. Users and even
some regulators want less transparency. So it's not-- it kind of goes both ways.

But these, I think, are also truly solvable. Well, for consumers, there's DASH and Monero and
Zcash. And there's even mechanisms called mixing and tumbling, which I truthfully can't tell
you the difference. But I can tell you regulators talk about mixers and tumblers and privacy
coins.

When I go to some regulatory conferences-- because they sometimes invite me as a former--

that middle slide-- the privacy coins and the mixers and tumblers-- the finance ministries and
the law enforcement stuff, that's where they kind of get worried.
 Madars, you want to come up here and tell us anything about Zcash? Or you want to do it
from there, as to what inspired you to do a privacy coin that a bunch of law enforcement folks
don't like?

[LAUGHTER]

Oh, I don't mean-- I mean, but, you know.

AUDIENCE: Obviously.

GARY GENSLER: And it's legal. I mean, it's a coin. It's real.

AUDIENCE: So just like cash can be used for illicit purposes, also systems that provide strong privacy like
Torque can be used for illicit purposes. So it's said privacy is a human right, and we shouldn't
be giving up our financial independence just because I want to buy a coffee. I don't want to
reveal all my other transactions. Well, I think that there are mechanisms how law enforcement
can against our regulatory objectives, but privacy I think is fundamental right, so we should
fight for it.

GARY GENSLER: And so when did you start working on the project?

AUDIENCE: I think it was 2014 when we started writing the paper.

GARY GENSLER: So you started with a paper.

AUDIENCE: [INAUDIBLE] like prototype, codebase, we put it open source. And then there were the
companies that got formed to launch the project.

GARY GENSLER: And I think Zcash now is somewhere around a billion dollar market cap.

AUDIENCE: It fluctuates wildly.

GARY GENSLER: Fluctuates. So that's why you're here. It went down? No, no. You don't need to answer that.

Sorry. Privacy. But in essence, what Madars is saying that he came to this-- what were you
doing in 2014?

AUDIENCE: I was a grad student here at MIT. I was mostly working in zero knowledge groups.

GARY GENSLER: On zero knowledge groups.

AUDIENCE: It seemed to be like a natural application, like Bitcoin plus [INAUDIBLE] techniques. Maybe
there's something there.

GARY GENSLER: So here, a talented graduate student at MIT with the collaboration of others said here's this
cryptographic mechanism called zero knowledge proofs, which we'll chat about in 30 seconds.
And here's something called Bitcoin. Why don't we bring them together, and we can promote
in his own words some human rights? Just as you buy a cup of coffee and you don't have to
say who you are, you could use this new Bitcoin enhanced zero knowledge proof, Zcash.

AUDIENCE: I have a question regarding how do you define illicit activity in a way [INAUDIBLE]. Living in a

country that has capital control, and if I use, for instance, Monero or Zcash as a way to get the
money out, does that count in these activities, or [INAUDIBLE]?

GARY GENSLER: So fortunately, I don't have to define illicit activity. But generally, societies come together
through their reasonable mechanisms, whether they're democratic societies or not, but they
come together through their legislative branches and their executive branches and their courts
and define some things that are not allowed. But generally speaking, when I'm using the term
in this class. I'm thinking about four or five buckets.

Most societies do not want to shrink their tax base. So they want economic activity be inside
the tax envelope, rather than outside the tax envelope. And that's usually the words that
finance ministers call that is a tax base, how much is outside versus inside. Secondly, most law
enforcement and most societies do not want to have the money rails, the banking, and other
ways you can move value to facilitate otherwise illegal activity.

So it's using money to facilitate otherwise illegal activity. So the otherwise illegal activity might
be drug running. The otherwise illegal activity might be terrorism. It might be child slavery
literally. So it's whatever the otherwise illegal activity is to use money, and that's generally
called money laundering or other things.

So you're absolutely right. Another thing is that for some countries, less than a majority, but
some countries have capital controls. They're trying to maintain the value of their Fiat currency
relative to other Fiat currencies. And in an effort to maintain some either fixed or relationship,
they have capital controls, and thus, in those countries, they might say illicit activity also is

running around the capital controls.

But it's each country, each society. And Sean, you raise a good point as to what does it mean.
I mean it not to show any value. I'm saying there's a series of these things that each society
comes together and says usually around the tax base, usually around trying to not use money
to facilitate otherwise bad stuff and in some countries, the capital controls. I saw a hand here.
Daniel, no. Was there-- and we're going to do more about illicit activity next week about
guarding against illicit activity. Hope the correction got filmed, too.

So there's another set of security issues around private keys. And to most of us that have
passwords, you know if you lose your password, they're usually in essence a back door that
somehow the platform, whether it's Facebook or even at Bank of America, if you lose your
password, There's a back door, and they can say, there is a way to validate with enough
probability weighting that I'm Gary Gensler, and they'll give me a new password.

I mean, in some circumstances, it's a high bar, and there's some biometrics involved. But in
most cases, it's a pretty low bar, and they'll give you another password if you can, like me,
remember the answer to my high school girlfriend was or something. These questions, like I
remember it's Irene, but then I've just given it up. I've just given it up. That's terrible. I have to
change it.

But custodial private keys is a very real thing, and you've read about the hacking, and we'll
read more about it when we get to crypto exchanges. It's a very dominant issue, not just for
individuals, but for institutional actors. How does a hedge fund or more likely how does
BlackRock or Fidelity, as an asset manager, secure custody in a way that works? And it's an
asymmetric risk. It's a tricky risk.

For most of finance, they don't have custody any longer of the securities. When I started on
Wall Street, they were still the cage. C-A-G-E. It was a physical cage where the remnants of
paper stock certificates were still in the cage. I didn't start so long ago that it was before
DTCC. Things were getting electric, you know, digital. But there was still a physical cage for
some physical paper certificates.

If you lost the paper certificate, you could still go to the government or the company that
issued it and back door and get a new paper certificate. It took time. It was hard. It was to
authenticate it. But in this circumstance if you lose the private key, there's not the back door
issuer to get the next one.

So it's a very interesting issue, not just a technological issue and a cybersecurity issue, but it's
a whole set of financial custody issues, an asymmetric risk if you're a Goldman Sachs or
 Fidelity, and you lost a key, or it got hacked, and it was billions of dollars. So it's just
interesting-- I don't think it's unique to blockchain, but it's rather specific to blockchain and
finance and how it overlaps.

So some of the solutions-- and I do think there are solutions here-- are some of the things that
Madars and Neha Narula, who runs the Digital Currency Initiative, are working on. And they're
working on using two cryptographic primitives we're not going to deeply go into. We did hash
functions, and we did digital signatures. Those are algorithms, or they're called cryptographic
primitives. Well, there's dozens of cryptographic primitives, math algorithms.

Well, the other two that are used a lot in this field are zero knowledge proofs and less often
probably as Peterson commitments. And I put up there my words. I got Madars to help me
write this one. But my words is zero knowledge proves let someone prove a statement is true
without revealing the details of exactly why that statement is true. You might say, wait a

minute, you can prove something's true.

It's sort of like if you walk into a bar and they need to know you're 21 to get a drink, let's make
this tangible. What do you need to prove that you're 21? You need to prove that you were
born before 1997, September 27. But you don't need a lot more details. And so there's some
computer scientists here at MIT that actually did the foundational work on zero knowledge
proofs 20 to 30 years ago, Silvio Micali and others, for which I think was part of why they won
the Turing Award, amongst other work.

So zero knowledge proofs are very interesting cryptographic mathematical puzzle solving that
Madars used for Zcash. Neha and Madars is using for something called ZK Ledger, which was
an optional reading. My gut tells me there are ways that we can go forward that regulators and
the official sector can get their transparency they want and the financial sector at the same
time can get the privacy they want, that the two can actually coexist through the modern
methods of technology.

Alexi, is that a hand up or just a waving-- no, all right. You want to add anything Madars since
you're the co-author of this the ZK Ledger paper that was optional.

AUDIENCE: [INAUDIBLE] an influential [INAUDIBLE] called zero coin protocol developed at Johns Hopkins.

GARY GENSLER: So Johns Hopkins developed a middle coin--

AUDIENCE: Middle protocol called Zero Coin.

GARY GENSLER: Zero Coin.

AUDIENCE: Using Pedersen commitments and Zcash didn't use Pedersen commitments. There's a lot of
very interesting history behind.

GARY GENSLER: And Pedersen commitments are yet another cryptographic primitive or algorithm, which
interestingly, they're similar to hash functions, where you take a bunch of data, and you squish
it together in a sense. You compress it and get a commitment. But you can actually add and
subtract them. It's an interesting thing where you can commit to data like a hash, but you can
also add and subtract commitments.

So it has some interesting features. If you're deeply interested, I will probably line up Sabrina
to help you, or Madars might help because I'm at the edge. But what I'm saying from a
business side is my hunch-- and this is that-- we're at the we're at the cutting edge here at MIT
of some of the folks try to figure out how to do privacy and security at the same time.
Questions on that? Because we're going to get to the tougher things.

Interoperability. Linking Blockchain applications to legacy databases or linking them to each

other. So you might want to link Blockchain application-- if you're thinking about a payments
protocol, how does that payments protocol and Blockchain world link to the fiat. Because
ultimately, if you're doing, let's say, remittances, and you want to move money from here to
Mexico, somebody wants Mexican peso, they might be starting in US dollars, how do you
operate basically with three different systems in that case?

Your ingenious, innovative start-up, but the US dollar fiats system and the Mexican peso
system. So that's a form of interoperability and the challenge around it, or Blockchain to
Blockchain if we've got 1,600 of them, or even interoperability of the main chain and some of
these layer two and side chains. That's an easier interoperability because it's kind of coded
right in. But it's always-- and this is not a new thing.

Banking has had interoperability all the time. Take my example of the US to Mexico. To move
US dollars and convert it to Mexican peso is in two entirely different banking systems and two
entirely different ledger systems. So we have to have this question of interoperability even pre
Blockchain. But it's just bringing it to this new technology.

It raises costs of trust in coordinating the transfer assets and information across chains, in
essence, or as we talk about, across ledgers. So it's an issue that it's been around. We just got
to sort of see how we solve it here. One solution. It doesn't mean it's the right solution, it's the

only solution, but one solution is to do through some decentralized mechanisms including side
chains, or one of the favorites of the director of the Media Lab, Joey Ito, thanks maybe if we
have layer 2, we should also have layer 0.

Underneath all of these coins, underneath Ethereum and Bitcoin, maybe there's a layer that
we can technologically create. Nobody's done this yet, but Joey's a visionary. Joey had the
first internet service provider in Japan at the age of 23 when he got $1,500 of computer
equipment and put it in his bathroom. And that's how he started. Yes. Yes, his bathroom. It
was the only real estate he had.

So which way does this go? You hadn't heard that about Joey? So it's a way to start a
company. And I think far more work needs to be done. So it may be solvable. I'm not sure.
And then consensus required for software updates. It's a tough one.

Open source software updates, which are not backward compatible. Like, can I update the
software, but then you can't use it for the 500,000 blocks that are already out there in Bitcoin,
or in some-- or the millions of blocks in the ether. So the problem often happens that the older
versions won't validate all the new blocks. And if they won't validate all the new blocks, I'm
simplifying again-- think of like Excel and you get that update on Excel or Word for Windows,
and you can't open your old files.

I mean, it's a rough lay definition of what this issue is. And so it leads to something called hard
forks. And this little visual on the right hand side is basically what happens is you can't validate
all the old blocks, because the new software is kind of going beyond it. A hard fork would
happen is if you took two megabyte blocks, if you made the block size bigger. The old software
would not take that if I've got this right. That would be a hard fork.

And so that's an issue, and it's happened. The Ethereum network has Ethereum Classic and
has Ethereum because of a hard fork that was encouraged by Vitalik Buterin, and the Bitcoin
network has one from last year, where it was this debate about block sizes. So most software
for decades has dealt with how do we update software, but they can push it to us. And we get
it, and we hit a button and we get it, and after a while, we get annoyed and we don't update if
you're like me.
 But the consensus-- remember, this was a graph that we had. The consensus always supports
the longest chain. If the consensus is to adopt this new technology, and only 80% or 90%
adopt it, it's a question of whether the other 10% or 15% will keep maintaining the shorter
chain. And in Bitcoin Cash, they have.

And so in essence, now you have two currencies. If, for some reason, it atrophied, and they

stopped maintaining it, then the value, in a sense, in a commercial setting might go to zero.
Was there a question? So broadly speaking, I think the toughest issue is about collective
action and governance. How do you get a whole group of people to be moving in a similar
direction?

Blockchain applications derive part of their value from participation of multiple parties on the
network as well, that multiple people are involved. It's remarkable in hindsight that Satoshi
Nakamoto, whomever he or she was, got this many people. There's nearly 100 people in this
room studying this 10 years later. But somehow he solved a collective action issue because it
was just software code back in 2009.

But it's still the example, how does Silvio Micali with a very clever Blockchain adaptation and
Algorand, how does he get people to start using it? And until he starts to get people to use it,
where's the value? Or if you have an application that's to be file sharing or for medical records,

there is a medical records project here at MIT, but how do you start to get people to use it?

And these are solved every day in the internet space, but Blockchain has a little bit greater
wrinkle. So there's a chicken and egg issue. Priya.

AUDIENCE: This is like heresy in this room, but is it because it isn't a real thing? Versus like a medical
records, it's really a real thing. Because I wonder about that a lot. Does it proliferate because
there's essentially not much effort, real cost to it--

GARY GENSLER: Priya's question is is there some perception-- can I use that word? There's some perception
it's not a real thing, so it might not propagate, and there might not be as much consumer
adoption. That may well be one of the commercial challenges. Eilon, did you have

[INAUDIBLE]?

AUDIENCE: Yeah, I think the adoption of Bitcoin was because people were interested in the innovative
solution. And then Ethereum and with Algorand leaving in a few months, it will happen in other
blockchains, are basically pouring money into the ecosystem, giving money to developers to
 develop solutions, because they are betting on the success of that network.

GARY GENSLER: Right. But for every one of you as you're thinking about your final projects, this collective action
issue has multiple features. One, to me, is the governance of the Blockchain software updates,
which we said is a little bit about hard forks and so forth and how do you have consensus and
how centralized to the governance stay, which we'll come back to when we talk about the
Securities and Exchange Commission and whether it's a token that's regulated as a security.

So there's that part of governance. But then there's the collective action issue that if you have
a payments or medical records or trade finance, how do you get folks to adopt. And in the
banking sector, the banks are the big sort of elephants in the room, the big dominant
incumbents, how do you get them to adopt, or are you somehow competing away their profits
and not having them adopt, which is more a commercial business issue about collective
action.

So the financial sector, as we've talked about, favors permissioned blockchains that don't have
as many-- they have some collective action issues, but they don't have as many collective
action issues. They have far fewer scalability and performance issues, because they say, I'm
not using proof of work. It might be 15, 20, or even 75 or 100 nodes, but they think that way,
they can secure their privacy and security.

Now, Madars and Neha's paper on ZK Ledger might be a solution. And some of those banks

might start using that. But I'm talking about 2018. I'm not talking about 2020 or 2025. Right
now, they're favoring permissioned closed loop systems, rather than permission-less open
loop systems.

So next week, we're going to be moving to public policy. Oh my god. You're going to get to
read my testimony, all 28 pages of it. Yeah, look, I get it. But I was asked to testify in the
House Agriculture Committee in July. It's a venue I'd been at a whole bunch of times. It was
fun to be back in front of them, Chairman Conaway from Texas and Collin Peterson from
Minnesota.

But yes, you'll get to read my-- I knew that there was no legislation that was going to happen
this year. I want to just give you the feedback. But Republicans run the committee. They get to
invite as many witnesses they want, and then they let the minority invite one, sometimes two
witnesses. So I got the call to testify, because I'm like the old sea dog, and they're bringing me

in or something.
But it was fun. But I was preparing for this class anyway. So I kind of wrote the testimony for
you all. Congress thought it was for them. And it was. It was. But that's the main thing. Mark
Carney, who runs the Bank of England, wrote this really beautifully written piece that he gave
in the spring, about a little bit the history currency and so forth. But Mark also runs the
Financial Stability Board, which has the finance ministers and central bank governors and
securities regulators from 20 countries. So it's the G20's finance heavies.

I used to go to that, not as a finance heavy, but I used to go because they wanted me inside
the tent, rather than outside the tent, because we were doing derivatives reform here in the
US. And some of the foreign finance ministers had a different point of view. And when it got to
the place when finance ministers-- and it was an interesting group, the Russian finance
minister in the UK and the South African and four others wrote a joint letter to Secretary

Geithner pointing out some-- shall we say observations on what we were doing. They had
differences.

I got invited, so I used to go. I got to know Mark very well. But it's a good paper. And you'll get
a sense really-- I would say, Mark is neither a Bitcoin maximalist or minimalist, but he does say
don't use the word cryptocurrency. Use the term crypto asset. So it's kind of an interesting
piece.

And then I don't know how many of you are Sloan Fellows that are here. I recognize some of
the Sloan Fellows. I think about 20% or 25% of the class are Sloan Fellows. You're going to
get to see Joe Stiglitz in New York in a few weeks, and I think-- yeah, this is the CNBC piece
where Joe, who's a Nobel laureate at Columbia University, has a stark and distinct point of
view about Bitcoin.

I've had two or three lively conversations with Joe about this. Later in the semester, you'll read
Paul Krugman and Nouriel Roubini, and there's a little video of Bill Gates talking about Bitcoin.
I want you all to be aware of the Bitcoin minimalist and understand what they're saying. And I
would put Joe on a 1 to 10 scale, at maybe 1 and 1/2 or maybe 2.

Paul, you'll read Paul Krugman's piece a little later. He's kind of down there, too. I can't just--
they can't modulate between them. But I think it's really important to understand what some
really great minds are thinking about this from that side as well. So that's what the three things
are for next week.
And the conclusion, I think that it does provide the networking, but it comes with costs. As we
said, there are a bunch of trade-offs. I think the scalability, the efficiency, the privacy they want

are solvable. I can't prove it. But I think in a matter of years-- and it might be three or 10 years-
- it won't be three to 10 months, though. I think a lot of that is susceptible to the bright minds of
MIT and elsewhere as computer scientists.

I think the challenges that are tougher, it really relates to governance. I think governance and
collective action and back to those two graphs, there really are places that are better to
centralize than decentralize. And we're going to be exploring that for the rest of this semester
together. So thank you. Thank you for the veterans who sat through all that.

[APPLAUSE]